Control Web Panel

Security => Mod_Security => Topic started by: Starburst on October 21, 2024, 08:06:05 PM

Title: Switch from Comodo rules to OWASP latest, now not receiving notifications
Post by: Starburst on October 21, 2024, 08:06:05 PM

Switched a server from Comodo to OWASP latest (4.7.0), since it seems like the company who bought Comodo and the WAF ruleset has killed it.
Keep getting an error when trying to login, and from posts I'm not the only one.

Problem that has come up is LFD isn't sending the notifications from ModSecurity after the switch.
ModSecurity is still doing it's job, and is working.

@overseer, have you run into this problem?

Thanks all.

Title: Re: Switch from Comodo rules to OWASP latest, now not receiving notifications
Post by: overseer on October 22, 2024, 03:30:58 AM

I will check out my servers.

As far as I know, Comodo is still rolling -- they just changed their name to Sectigo (dumbest re-branding ever!).
https://modsecurity.comodo.com (https://modsecurity.comodo.com)

Title: Re: Switch from Comodo rules to OWASP latest, now not receiving notifications
Post by: Starburst on October 22, 2024, 04:43:32 PM

Not 100% sure about that.

Been hit & miss, more miss than anything when trying to login to https://waf.comodo.com/ (https://waf.comodo.com/)

When I've been trying to login, only get:
We're sorry, but something went wrong.

I saw OWASP updated a couple weeks ago, so figured I would give those a shot again.
And considering that's the option by Default on CWP, didn't expect any problem.

Title: Re: Switch from Comodo rules to OWASP latest, now not receiving notifications
Post by: overseer on October 23, 2024, 02:08:18 AM

https://modsecurity.comodo.com/#Comodo-ModSecurity-Rules (https://modsecurity.comodo.com/#Comodo-ModSecurity-Rules)
Sign up FREE
https://accounts.comodo.com/ (https://accounts.comodo.com/) just let me create a new subscription to the Comodo WAF
SUBSCRIPTION EXPIRES ON October 23, 2025

Title: Re: Switch from Comodo rules to OWASP latest, now not receiving notifications
Post by: Starburst on October 23, 2024, 07:03:37 AM

Yup. I've had an account, that's how I download the 1.241 ruleset and uploaded them.
Say's I'm currently good until 2024-12-22

(https://i.postimg.cc/ykBcCbkV/Screenshot-2024-10-23-064102.png) (https://postimg.cc/ykBcCbkV)

Even created a KB article on how to do it because of that WooCommerce bug in 1.240

Title: Re: Switch from Comodo rules to OWASP latest, now not receiving notifications
Post by: Starburst on October 23, 2024, 07:16:21 AM

Just out of curiosity created a new account and it doesn't work either.
Weird.

Are you to login and see the download option?

Title: Re: Switch from Comodo rules to OWASP latest, now not receiving notifications
Post by: Starburst on October 31, 2024, 04:24:17 PM

@overseer have you been able to login to waf.comodo.com lately?

I'm still getting the same error.

Title: Re: Switch from Comodo rules to OWASP latest, now not receiving notifications
Post by: overseer on November 01, 2024, 04:21:26 PM

I don't usually login to that URL -- just accounts.comodo.com
But interestingly, if you do a password reset, it goes to https://cam.xcitium.com (https://cam.xcitium.com)
I think Comodo is in the midst of an identity crisis. Comodo? Sectigo? Xcitium?

Title: Re: Switch from Comodo rules to OWASP latest, now not receiving notifications
Post by: Starburst on November 01, 2024, 04:30:05 PM

The URL accounts.comodo.com show my license, but no link to download the ruleset. Unless I'm missing something.

Yea, that's why I think the free ruleset is dead, Xcitium seems like new company pushing it's won paid firewall.